Exploring new attack vectors for the exploitation of smartphones
This unique technical analysis is the work of Laurent Simon’s thesis, and the original PDF can be found here, https://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-909.pdf
Smartphones have evolved quickly into powerful miniature computing platforms. Today’s smartphones are yesterday’s supercomputers. They are multi-tenant platforms, the vast majority of smartphone OS’s [ Android and iOS ] are built upon unix.
Unique Attack Vectors:
One such characteristic is the sheer number of sensors and peripherals, such as anaccelerometer, a gyroscope and a built-in camera. These sensors can be abused to track user’s PIN inputs. In addition, side-channel exploits in hardware and software specific to smartphones can reveal what users are typing.
Another threat vector is theft or loss of a smartphone. This is impactful because users carry smartphones everywhere. This increases therisk of theft or loss. In fact, in 2013 alone, 1M devices were stolen in the USA, and 12000 in London.
Yet another characteristic of the smartphone ecosystem if the pace at which new devices are released: users tend to replace their phone about every 2 years, compared to 5 years for their personal computers.
For already 60% of users today the purchase ofa new smartphone is partly funded by selling the previous one. This can have privacy implications if the previous owner’s personal data is not properly erased.
This technical analysis is the work of Laurent Simon’s thesis at Cambridge University Computer laboratory. Please find the thesis in its entirety here: